Invited talks

Monday 16 September (16:30 - 17:30)


Unsupervised Network Anomaly Detection


Research Scientist (Chargé de Recherche) at LAAS-CNRS, Toulouse



Network anomaly detection is a critical aspect of network management, for instance for QoS and security. The continuous emergence of new anomalies and attacks creates a continuous challenge to cope with events that put the network integrity at risk. Most network anomaly detection systems proposed so far employ a supervised strategy to accomplish the task, using either signature-based detection methods or supervised-learning techniques. However, both approaches present major limitations: the former fails to detect and characterize unknown anomalies (leaving the network unprotected for long periods), while the latter requires training and labeled traffic, which is difficult and expensive to produce. Such limitations impose a serious bottleneck on the previously presented problem. We introduce an unsupervised approach to detect and characterize network anomalies, without relying on signatures, statistical training, or labeled traffic, which represents a significant step towards the autonomy of networks. Unsupervised detection is accomplished by means of robust data-clustering techniques, combining Sub-Space clustering with Evidence Accumulation or Inter-Clustering Results Association, to blindly identify anomalies in traffic flows. Several post-processing techniques, such as correlation, ranking and characterization, are applied to the extracted anomalies to improve results and reduce operator workload. The detection and characterization performance of the unsupervised approach is evaluated on real network traffic.


Philippe Owezarski is a full-time researcher at CNRS (the French center for scientific research), working at LAAS (Laboratory for Analysis and Architecture of Systems), in Toulouse, France. He received a PhD in computer science in 1996 from Paul Sabatier University, Toulouse III, and a habilitation to supervise theses in 2006. His main interests are high-speed networking, and more specifically IP network monitoring, and Quality of Service and security enforcement based on measurements.

During the year 2000, he spent 9 months working for Sprint ATL in Burlingame, California. There he worked on the Sprint IPMON monitoring project, and focused mainly on the analysis of actual TCP flows. Back at LAAS, Philippe Owezarski has been one of the main contributors to a monitoring project in France – METROPOLIS, has led a French steering group on IP network monitoring, and has led the French MetroSec project, which aims at increasing the robustness of the Internet against DoS and DDoS attacks. He has also contributed to the European COST-TMA and ECODE projects, which proposed to use monitoring as the main support for enforcing QoS optimization and security mechanisms in networks (in particular by using machine learning techniques for improving routing and anomaly detection). Philippe Owezarski also uses monitoring and honeypots to study malicious traffic on the Internet and to assess the threats to the network and its users.

Philippe Owezarski is the author of more than 70 papers in international journals and conferences, and he contributed to the writing of 7 book chapters. He is also the editor of 7 books, a guest editor of the IEEE TNSM journal, and a member of the TMA steering committee. Philippe Owezarski has also been, and still is, the advisor for 9 PhD theses and two post-docs. He was also the TPC chair for 17 conferences, including the recent CNSM’2012 conference and the upcoming ACNS’2014 congress.


Tuesday 17 September (09:00 - 10:00)


Smartphone and privacy: the Mobilitics INRIA-CNIL project

Vincent ROCA

Researcher at INRIA Rhône-Alpes (Grenoble)



It is no surprise, given the convenience and utility of smartphones, to see their wide adoption worldwide. Smartphones naturally gather a lot of personal information as the user communicates, browses the web and runs various Apps. But they are also equipped with GPS, NFC and digital camera facilities, which means that smartphones also generate new personal information. And since they are almost always connected to the Internet, and are rarely turned off, they can potentially reveal a lot of information about the activities of their owners. The imminent arrival of smart-watches and smart-glasses will only increase the amount of personal information available and the privacy leakage risks.

This talk introduces the Mobilitics project that is currently being conducted by Inria/Privatics and CNIL, the French data protection authority. After an introduction to the problem and the motivations behind tracking techniques, we will detail the logging and analysis tools we developed for the iOS and Android mobile OSes, and some of our findings. It appears that the actual behavior of certain Apps running on our smartphones may be much more intrusive than what we think, and sometimes than what is written in the legal notice. A cleanup of some practices in terms of personal information collection is needed.


Vincent Roca has been an Inria researcher at the Grenoble, Rhône-Alpes centre since 2000. After a long period working on networking, in particular on techniques for the robust distribution of information ("reliable multicast" protocols such as FLUTE/ALC, which are found in all mobile terminals, and application-level error-correcting codes, some of which are deployed commercially), he is now a member of the Inria/Privatics team in Grenoble and works on the topic of privacy. In particular, he is in charge of the Mobilitics project, carried out under an Inria-CNIL agreement.